[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-03.doc uploaded
-----Original Message-----
From: Krishna Yellepeddy [mailto:kyellepe@us.ibm.com]
Sent: 08 April 2003 00:58
To: dss@lists.oasis-open.org
Subject: Re: [dss] Groups - dss-requirements-1.0-draft-03.doc uploaded
Section 3.6.2 of draft-03 states:
- Explicit key and validation info submitted by client ( Certificates, CRLs, OCSP response)
Allowing the client to provide CRLS and OCSP responses which then get used by the server in the verification of a signature, hurts the quality of the verification being done. It also opens the door for claims that had the client not provided incorrect information, the server could have verified the signature better. Why would we want the client to provide this information ? Moreover, the client may not have the capabilities to obtain and provide this information. I realize it increases the burden on the server to obtain this information directly, but it improves the quality of the verification to make the server obtain this information directly.
Regards,
Krishna
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]